pgcrypto Cryptographic Functions

A newer version of this documentation is available. Click here to view the most up-to-date release of the Greenplum 5.x documentation.

pgcrypto Cryptographic Functions

Greenplum Database is installed with an optional module of encryption/decryption functions
called pgcrypto. The pgcrypto functions allow database
administrators to store certain columns of data in encrypted form. This adds an extra layer
of protection for sensitive data, as data stored in Greenplum Database in encrypted form
cannot be read by anyone who does not have the encryption key, nor can it be read directly
from the disks.

Note: The pgcrypto functions run inside the database server, which means that
all the data and passwords move between pgcrypto and the client application
in clear-text. For optimal security, consider also using SSL connections between the client
and the Greenplum master server.

Before you can use pgcrypto functions,
run the installation script $GPHOME/share/postgresql/contrib/pgcrypto.sql
in each database where you want the ability to query other
databases:

$ psql -d testdb -f $GPHOME/share/postgresql/contrib/pgcrypto.sql

See
pgcrypto in the PostgreSQL documentation for more information
about individual functions.